Secret CISO Daily Newsletter - June 29, 2024 Welcome to today's edition of Secret CISO, where we dive deep into the latest and most impactful cybersecurity events shaping our world. Today, we uncover a web of espionage, data breaches, and innovative security measures that paint a vivid picture of the current cyber landscape.

Face Recognition at Google Offices: Google is piloting face recognition technology to bolster office security, aiming to create a safer work environment. This cutting-edge approach could redefine how we think about physical security in corporate settings.

Russian and Chinese Cyber Espionage: A cloud company has reported an attack by the notorious Russian hacker group APT29, while Chinese hackers are using ransomware as a smokescreen for their espionage campaigns. These incidents highlight the persistent and evolving threats from nation-state actors.

Massive Data Breaches: From Mass General Brigham firing three employees after a patient data breach to Infosys McCamish revealing that LockBit stole data of 6 million people, the scale of data breaches continues to grow. Over 400,000 members of the Texas Teachers Group and nearly 800,000 patients at a Chicago children's hospital are among the latest victims.

Telecom and Financial Sector Vulnerabilities: BSNL's latest data breach underscores the critical need for securing 4G and 5G networks. Meanwhile, Truist Bank faces a class action lawsuit over a data breach, and Live Nation confirms a Ticketmaster breach affecting 500 million users.

Global Cybersecurity Concerns: The National Cyber Security Centre (NCSC) is working to make the UK the safest place to live and work, while Franklin County successfully thwarted a brute force cyber attack.

Additionally, a research expert has presented irrefutable evidence to the UN that missile debris in Ukraine is of North Korean origin, emphasizing the global nature of security threats. Stay tuned as we delve into these stories and more, providing you with the insights and information you need to stay ahead in the ever-evolving world of cybersecurity.

Data Breaches

1. Google Is Piloting Face Recognition for Office Security: Google is testing facial recognition technology to enhance security in its offices. This initiative aims to streamline access control and bolster overall security measures. The pilot program is part of a broader effort to integrate advanced tech solutions into workplace safety protocols. Source: WIRED
2. Mass General Brigham Fires Three Employees After Patient Data Breach in Massachusetts: Three employees at Mass General Brigham were terminated following a data breach that compromised patient information. The healthcare organization is now offering credit monitoring services to affected individuals. This incident underscores the critical need for stringent data protection measures in healthcare settings. Source: Hoodline
3. Infosys McCamish says LockBit stole data of 6 million people: LockBit ransomware group has stolen sensitive data of 6 million individuals from Infosys McCamish. The compromised information includes Social Security numbers, medical records, and biometric data. This breach highlights the growing threat of ransomware attacks on large corporations. Source: Bleeping Computer
4. Over 400K Compromised in Texas Teachers Group Data Breach: The Association of Texas Professional Educators reported a data breach affecting over 400,000 members. The breach has raised concerns about the security of personal information within educational organizations. Authorities are investigating the incident to prevent future occurrences. Source: Dallas Express
5. Telecom Diary: BSNL's latest data breach shows the vitality of securing 4G, 5G mobile networks: BSNL has experienced a data breach, emphasizing the importance of securing 4G and 5G networks. The incident serves as a reminder for telecom companies to invest in robust security measures to protect sensitive data. This breach could have significant implications for the telecom industry. Source: Economic Times

Security Research

1. Microsoft Informs Customers of Email Espionage: Microsoft has notified its customers about a cyber-espionage campaign where hackers accessed email accounts. The attack, attributed to a Russian hacking group, has raised significant concerns about email security. Source: iTnews
2. Weekly Vulnerability Report: Critical Flaws in Microsoft, Adobe, MOVEit: Cyble security researchers have identified nearly a million IT assets exposed to critical vulnerabilities in Microsoft, Adobe, and MOVEit products. These flaws could potentially be exploited for malicious activities. Source: The Cyber Express
3. Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data: Security researcher Seongsu Park has uncovered that the Kimsuky group is using a malicious Chrome extension, TRANSLATEXT, to steal sensitive data. The extension masquerades as Google Translate to bypass security measures. Source: The Hacker News
4. Microsoft SharePoint Security Flaw: Security researcher Nguyễn Tiến Giang demonstrated a critical vulnerability in Microsoft SharePoint at the Pwn2Own Vancouver event. This flaw could potentially allow attackers to gain unauthorized access to sensitive data. Source: MSN
5. 8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining: Security researchers have detailed how the 8220 Gang is exploiting vulnerabilities in Oracle WebLogic Server to conduct cryptocurrency mining operations. This highlights the ongoing threat of cybercriminals leveraging known security flaws for financial gain. Source: The Hacker News

Top CVEs

1. CVE-2024-29040: This vulnerability in the TPM2 Software Stack (TSS) allows a malicious device to manipulate the JSON Quote Info, potentially accessing unauthorized data or services. The issue has been patched in the latest version. Source: Vulners.
2. CVE-2024-38374: CycloneDX core module had an XML External Entity (XXE) injection vulnerability due to insecure configuration of DocumentBuilderFactory. This has been fixed in the latest version of cyclonedx-core-java. Source: Vulners.
3. CVE-2024-37370: In MIT Kerberos 5 before version 1.21.3, an attacker can modify the plaintext Extra Count field of a GSS krb5 wrap token, causing the unwrapped token to appear truncated. Source: Vulners.
4. CVE-2024-31919: IBM MQ versions 9.0 LTS to 9.3 CD are vulnerable to a denial of service attack due to an error in processing messages when an API Exit using MQBUFMH is used. Source: Vulners.
5. CVE-2024-5827: Vanna v0.3.4 has a SQL injection vulnerability in its DuckDB integration exposed to Flask Web APIs, allowing attackers to execute arbitrary commands or create malicious files. Source: Vulners.

API Security

1. Exploit for CVE-2024-34102: This script exploits a Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce versions 2.4.7 and earlier. The vulnerability allows for arbitrary code execution by sending a crafted XML document that references external entities. Exploitation does not require user interaction. Source: Vulners
2. CVE-2024-38514: NextChat's WebDav API endpoint has a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter. This SSRF can be used to perform arbitrary HTTPS requests or target NextChat users to execute arbitrary JavaScript code in their browser. This vulnerability has been patched in the latest version. Source: Vulners
3. CVE-2024-37905: Authentik, an open-source Identity Provider, has a vulnerability in its API-Access-Token mechanism that can be exploited to gain admin user privileges. A successful exploit results in full admin access to the Authentik application, including resetting user passwords. This issue has been patched in recent versions. Source: Vulners
4. CVE-2024-38371: Authentik's OAuth2 Device code flow has a vulnerability where access restrictions assigned to an application are not checked. This could allow unauthorized users to get OAuth tokens and access the application. The issue has been patched in the latest versions. Source: Vulners
5. CVE-2024-31919: IBM MQ versions 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD are vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. This vulnerability has been identified and documented by IBM X-Force. Source: Vulners

Sponsored by Wallarm API Security Solution

Final Words

As we wrap up today's edition of Secret CISO, it's clear that the cybersecurity landscape is as dynamic and challenging as ever. From Google's innovative face recognition pilot for office security to the relentless data breaches affecting millions, our digital world demands constant vigilance and adaptation.

Remember, staying informed is our best defense. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more secure and resilient digital community. Until next time, stay safe and stay secure!